[ptxdist] [PATCH] expat: Version bump. 2.7.4 -> 2.7.5

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

* [ptxdist] [PATCH] expat: Version bump. 2.7.4 -> 2.7.5
@ 2026-03-19 17:16 Christian Melki
  2026-03-29  5:47 ` [ptxdist] [APPLIED] " Michael Olbrich
  0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2026-03-19 17:16 UTC (permalink / raw)
  To: ptxdist

Mostly security fixes.
https://github.com/libexpat/libexpat/blob/R_2_7_5/expat/Changes

Plugs CVE:
CVE-2026-32776: Fix NULL pointer dereference for empty external parameter entities
CVE-2026-32777: Protect from XML_TOK_INSTANCE_START infinite loop in function entityValueProcessor
CVE-2026-32778: Fix NULL dereference in function setContext

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 rules/expat.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/expat.make b/rules/expat.make
index 11278aae8..58c7339aa 100644
--- a/rules/expat.make
+++ b/rules/expat.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat
 #
 # Paths and names
 #
-EXPAT_VERSION		:= 2.7.4
-EXPAT_MD5		:= d8c3327b7e10e75582873a0d97e7a538
+EXPAT_VERSION		:= 2.7.5
+EXPAT_MD5		:= 39ccac48bfbb1b39ad19914a63f2588c
 EXPAT			:= expat-$(EXPAT_VERSION)
 EXPAT_SUFFIX		:= tar.bz2
 EXPAT_RELEASE		:= R_$(subst .,_,$(EXPAT_VERSION))
-- 
2.43.0




^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [ptxdist] [APPLIED] expat: Version bump. 2.7.4 -> 2.7.5
  2026-03-19 17:16 [ptxdist] [PATCH] expat: Version bump. 2.7.4 -> 2.7.5 Christian Melki
@ 2026-03-29  5:47 ` Michael Olbrich
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2026-03-29  5:47 UTC (permalink / raw)
  To: ptxdist; +Cc: Christian Melki

Thanks, applied as 1c3db79abad4d51e0810532a6b18a7b552f9da94.

Michael

[sent from post-receive hook]

On Sun, 29 Mar 2026 07:47:02 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> Mostly security fixes.
> https://github.com/libexpat/libexpat/blob/R_2_7_5/expat/Changes
> 
> Plugs CVE:
> CVE-2026-32776: Fix NULL pointer dereference for empty external parameter entities
> CVE-2026-32777: Protect from XML_TOK_INSTANCE_START infinite loop in function entityValueProcessor
> CVE-2026-32778: Fix NULL dereference in function setContext
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20260319171620.511377-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/expat.make b/rules/expat.make
> index 11278aae899b..58c7339aa7f2 100644
> --- a/rules/expat.make
> +++ b/rules/expat.make
> @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat
>  #
>  # Paths and names
>  #
> -EXPAT_VERSION		:= 2.7.4
> -EXPAT_MD5		:= d8c3327b7e10e75582873a0d97e7a538
> +EXPAT_VERSION		:= 2.7.5
> +EXPAT_MD5		:= 39ccac48bfbb1b39ad19914a63f2588c
>  EXPAT			:= expat-$(EXPAT_VERSION)
>  EXPAT_SUFFIX		:= tar.bz2
>  EXPAT_RELEASE		:= R_$(subst .,_,$(EXPAT_VERSION))



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-03-29  5:47 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-19 17:16 [ptxdist] [PATCH] expat: Version bump. 2.7.4 -> 2.7.5 Christian Melki
2026-03-29  5:47 ` [ptxdist] [APPLIED] " Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox